Top related persons:
Top related locs:
Top related orgs:

Search resuls for: "MoveIt"


25 mentions found


Sept 29 (Reuters) - Australian software supplier Energy One (EOL.AX) said on Friday it had not uncovered any evidence of malicious activity on their customer systems after a cyber incident was first identified last month. The company had previously said some personal information of its current and former employees had been compromised, for which the notification process is underway. "Our investigations have not revealed any evidence that customer systems have been impacted and the company continues to securely trade," Energy One said in a statement on Friday. Australian firms have suffered many cyber attacks since September 2022, putting the spotlight on the country's understaffed cybersecurity industry. Recently, Shell Plc (SHEL.L) identified a cybersecurity incident involving some employees at BG Group in Australia, the latest company to be hit by the MOVEit hack.
Persons: Clare O'Neil, Ayushman Ojha, Rashmi Aich, Sherry Jacob, Phillips Organizations: Energy, Shell Plc, BG Group, Home Affairs, Thomson Locations: Australian, Australia
Sept 15 (Reuters) - Shell Plc (SHEL.L) said on Friday that it has identified a cybersecurity incident involving some employees who worked with the company's unit BG Group in Australia before the merger, becoming the latest victim of the MOVEit hack. A number of businesses globally have lately been affected by a cybersecurity breach on the software tool MOVEit that is typically used to transfer large amounts of often sensitive data including pension information and social security numbers. Shell said it has identified some personal information related to the affected individuals that was accessed without any authorization and has made attempts to notify them of the breach. Shell did not immediately respond to a Reuters request for comment to clarify the exact number of individuals impacted in the cybersecurity incident. Reporting by Roushni Nair and Navya Mittal in Bengaluru; Editing by Shailesh KuberOur Standards: The Thomson Reuters Trust Principles.
Persons: Shell, Hebe Chen, Chen, Roushni Nair, Navya Mittal, Shailesh Organizations: Shell Plc, Group, IG Markets, Reuters, BG, Thomson Locations: Australia, Brazil, Bengaluru
[1/2] A sign indicates the direction to the offices of Progress Software in Burlington, Massachusetts, U.S., July 26, 2023. But more than two months after the breach was first disclosed by Massachusetts-based Progress Software, the parade of victims has scarcely slowed. The tallies show that nearly 40 million people have been affected so far by the hack of Progress' MOVEit Transfer file management program. Now the digital extortionists involved, a group named "cl0p", have become increasingly aggressive about thrusting their data into the public domain. MOVEit is used by organizations to ship large amounts of often sensitive data: pension information, social security numbers, medical records, billing data and the like.
Persons: Brian Snyder, Marc Bleicher, cl0p, Huntress Security's John Hammond, Christopher Budd, Sophos, Eric Goldstein, Nathan Little, Emsisoft, Bert Kondruss, Rowe Price, Maximus, Alexander Urbelis, Crowell, Goldstein, didn't, Surefire's, Raphael Satter, Zeba Siddiqui, Chris Sanders, Grant McCool Organizations: Progress Software, REUTERS, FRANCISCO, Reuters, Software, Insurance, of America, Cybersecurity, Infrastructure Security Agency, Tetra Defense, WHO, Pension, California Public Employees, Moring, U.S ., Thomson Locations: Burlington , Massachusetts, U.S, WASHINGTON, American, Massachusetts, York, New York, Louisiana, California, New York City, Oregon
Pacific Premier says vendor hit by MOVEit data breach
  + stars: | 2023-07-25 | by ( ) www.reuters.com   time to read: +1 min
July 25 (Reuters) - Pacific Premier Bancorp (PPBI.O) said on Tuesday that a cybersecurity incident at a third-party vendor has led to data leak of its bank's clients, becoming the latest victim of the MOVEit hack. The vendor confirmed that personal data had been compromised in the incident, which involved popular file transfer tool MOVEit, Pacific Premier said in a regulatory filing. Firms, institutions and government departments using file sharing software MOVEit have recently been hit by data breaches. On Monday, consumer and commercial bank 1st Source Corp (SRCE.O) said a security breach that involved MOVEit has impacted about 450,000 records. MOVEit, made by Massachusetts-based Progress, allows organizations to securely transfer files and data between business partners and customers.
Persons: MOVEit, Jaiveer Singh, Shailesh Organizations: Pacific Premier Bancorp, Pacific Premier, Corp, Thomson Locations: Massachusetts, Bengaluru
July 24 (Reuters) - Commercial and Consumer bank 1st Source Corp (SRCE.O) said on Monday a security breach that involved a popular file transfer tool, MOVEit, has impacted about 450,000 records. A third party had gained access to data of its commercial and individual clients, 1st Source reported earlier this month, adding that it was in the process of identifying and notifying individual clients affected. Last month, the U.S. security researchers reported that hackers had stolen data from the systems of a number of users shortly after MOVEit's developer Progress Software Corp (PRGS.O) disclosed that a security flaw had been discovered. MOVEit, made by Massachusetts-based Progress, allows organizations to securely transfer files and data between business partners and customers. Reporting by Pritam Biswas in BengaluruOur Standards: The Thomson Reuters Trust Principles.
Persons: Pritam Biswas Organizations: Consumer, Corp, Progress Software Corp, Thomson Locations: U.S, Massachusetts, Bengaluru
Victims of Cyberattack on File-Transfer Tool Pile Up
  + stars: | 2023-07-19 | by ( Catherine Stupp | ) www.wsj.com   time to read: +6 min
The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in MoveIt, a common file-transfer tool from Progress Software, underscores how cyberattacks can ripple through supply chains. Some companies have been drawn into data breaches without having used MoveIt because their business partners use it. The Cl0p ransomware group has taken responsibility for the cyberattacks and posted data from some victims on its underground website. A 2021 cyberattack on a tool similar to MoveIt—Accellion’s File Transfer Appliance—had similar ripple effects.
Persons: , Brett Callow, cyberattacks, Callow, Genworth, PBI, , Shell, Rob Carr, Suzie Squier, Johns, Johns Hopkins, Emsisoft’s Callow, Catherine Stupp Organizations: Progress Software, . Progress, Progress, Shell, BBC, Energy Department, Genworth Financial, Social, PBI Research Services, U.S . Department of Health, Human Services, Colorado State University, BG Group, Johns Hopkins University, Getty Locations: British, MoveIt, Kaseya, Johns Hopkins
1st Source says data compromised in MOVEit data breach
  + stars: | 2023-07-10 | by ( ) www.reuters.com   time to read: +1 min
July 10 (Reuters) - Financing firm 1st Source Corp (SRCE.O) said on Monday a third party gained access to data of its commercial and individual clients as part of the security breach involving popular file transfer tool MOVEit reported last month. The company did not disclose the scale of the data breach, but said it is in the process of identifying and notifying individual clients who have been impacted. 1st Source said it used the software for secure file transfers supporting internal operations and client services. Last month, the U.S. security researchers reported that hackers had stolen data from the systems of a number of users shortly after MOVEit's developer Progress Software Corp (PRGS.O) disclosed that a security flaw had been discovered. MOVEit allows organizations and governmental agencies to transfer files and data between business partners and customers.
Persons: Pritam Biswas, Shailesh Organizations: Source Corp, Progress Software Corp, Thomson Locations: U.S, Bengaluru
Dublin airport staff's salary data breached
  + stars: | 2023-07-02 | by ( ) www.reuters.com   time to read: +1 min
[1/2] An Irish Hare is seen at Dublin Airport in Dublin, Ireland, December 3, 2021. REUTERS/Clodagh Kilcoyne/File PhotoJuly 2 (Reuters) - Some Dublin airport staff's financial information has been compromised by a cyber-attack on provider company Aon (AON.N) that also affected various other firms, the Dublin Airport Authority (DAA) said on Sunday. Britain's Sunday Times reported that the attack on file-transfer software tool MOVEit, used by Aon, affected nearly 2,000 Dublin airport staff, as well other agencies and companies in the US and UK. "DAA is offering support, advice and assistance to employees impacted by this criminal cyber-attack," the Irish airport authority said, without giving further details. Reporting by Anirudh Saligrama, additional reporting by Gursimran Kaur, Editing by David Gregorio and Jonathan OatisOur Standards: The Thomson Reuters Trust Principles.
Persons: Irish Hare, Clodagh, AON, Anirudh Saligrama, Gursimran Kaur, David Gregorio, Jonathan Oatis Organizations: Dublin Airport, REUTERS, Dublin Airport Authority, Sunday Times, Thomson Locations: Irish, Dublin, Ireland
Chipmaker TSMC says supplier targeted in cyberattack
  + stars: | 2023-06-30 | by ( ) www.reuters.com   time to read: +1 min
June 30 (Reuters) - Taiwan Semiconductor Manufacturing Co (2330.TW) said on Friday that a cybersecurity incident involving one of its IT hardware suppliers has led to the leak of the vendor's company data. "TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration," the company said. TMSC confirmed in a statement to Reuters that its business operations or customer information were not affected following the cybersecurity incident at its supplier Kinmax. The TSMC vendor breach is part of a larger trend of significant security incidents affecting various companies and government entities. TSMC said it has cut off data exchange with the affected supplier following the incident.
Persons: TSMC, TMSC, Akriti Sharma, James Pearson, Shailesh Organizations: Taiwan Semiconductor Manufacturing, Thomson Locations: U.S
WASHINGTON, June 28 (Reuters) - The U.S. Department of Health and Human Services (HHS) was among those affected by a wide-ranging hack centered on a piece of software called MOVEit Transfer, Bloomberg News reported on Wednesday. The report comes as the hackers behind the massive breach claimed credit for stealing data from two major law firms, Kirkland & Ellis LLP and K&L Gates LLP. Kirkland and K&L did not immediately return messages left after hours. The group has previously insisted it doesn't deliberately steal data from government organizations, but that doesn't mean that data hasn't been compromised. Bloomberg cited a person familiar with the incident at HHS as saying that tens of thousands of records could have been exposed.
Persons: Ellis, cl0p, Gates, Kirkland, doesn't, Cl0p didn't, Jon Clay, TrendMicro, Raphael Satter, Lincoln Organizations: U.S . Department of Health, Human Services, Bloomberg, Kirkland, Gates, HHS, Progress Software, Thomson Locations: Russian
[1/2] A worker arrives at the Department of Health and Human Services in Washington, October 1, 2013. REUTERS/James Lawler Duggan/File PhotoWASHINGTON, June 28 (Reuters) - The U.S. Department of Health and Human Services (HHS) was among those affected by a wide-ranging hack centered on a piece of software called MOVEit Transfer, a source at HHS said on Wednesday. "While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors," a health department official familiar with the matter said. Hackers behind the massive breach also claimed credit for stealing data from two major law firms, Kirkland & Ellis LLP and K&L Gates LLP. Kirkland and K&L did not immediately return messages left after hours.
Persons: James Lawler Duggan, Ellis, cl0p, Gates, Kirkland, doesn't, Cl0p didn't, Jon Clay, TrendMicro, Raphael Satter, Lincoln Organizations: Department of Health, Human Services, REUTERS, WASHINGTON, U.S . Department of Health, HHS, Kirkland, Gates, Bloomberg, Progress Software, Thomson Locations: Washington, Russian
The total number of recent victims from the online extortion ring has reached 121 organizations, according to Brett Callow, whose cybersecurity company Emsisoft helps companies respond to digital shakedown attempts. In 2021, Ukrainian authorities announced the arrests of six people tied to cl0p, but it's not clear that they were core members of the group, which continued to hack victims. Plundering file transfer protocols has become increasingly popular as hackers shift from encrypting data to simply stealing files and threatening to release them unless a ransom is paid. Many of the organizations stress that the target of the hack is the file transfer service, not their systems. The FBI said it was "aware of and investigating the recent exploitation of a MOVEit vulnerability by malicious ransomware actors."
Persons: Brett Callow, encrypting, TrendMicro, didn't, Cl0p, Emsisoft, Charles Carmakal, Raphael Satter, Christopher Bing, James Pearson, Cynthia Osterman Organizations: University of California, Siemens Energy, Abbvie Inc, Schneider, Publicly, Sony, Shell PLC, Government, U.S . Energy Department, Alphabet Inc, FBI, Thomson Locations: Los Angeles, Russia, Washington, London
Siemens and UCLA say data compromised in MOVEit data breach
  + stars: | 2023-06-27 | by ( ) www.reuters.com   time to read: +1 min
The hackers behind the wide-ranging breach, Cl0p, had earlier boasted about stealing data from UCLA and Siemens on their website. Cl0p also claimed to have stolen data from biopharmaceutical company Abbvie Inc (ABBV.N) and French industrial group Schneider Electric (SCHN.PA). Siemens and UCLA provided few additional details about the scope or consequences of the breach. Siemens said none of its critical data had been compromised and its operations remained unaffected. UCLA said its campus systems were unaffected and that "all of those who have been impacted have been notified".
Persons: Cl0p, Christoph Steitz, Raphael Satter, Matthias Williams, Mark Potter Organizations: Siemens Energy, University of California, UCLA, Siemens, Abbvie Inc, Schneider, FBI, Genworth, Thomson Locations: FRANKFURT, Los Angeles, UCLA
News reports said information from more than 700,000 Calpers members and retirees was taken. The MOVEit software is widely-used by organisations around the world to share sensitive data. Genworth Financial was harder hit, saying personal information of nearly 2.5 million to 2.7 million of its customers was breached. "The personal information of a significant number of insurance policyholders or other customers of its life insurance businesses was unlawfully accessed," Genworth said. The MOVEit hack has hit several state and federal agencies.
Persons: PBI, Calpers, Genworth, Niket, Chris Sanders, Maju Samuel, Daniel Wallis Organizations: Genworth, PBI Research Services, U.S . Department of Energy, Washington DC, Thomson Locations: Calpers, Burlington , Massachusetts, Russia, Bengaluru, Washington
June 20 (Reuters) - Australia's largest private health insurer Medibank Private (MPL.AX) on Tuesday confirmed that a file containing the names and contact details of certain staff members had been compromised after its building manager faced a cybersecurity breach. Medibank systems have not been affected by the cyberattack on the building manager's third-party software platform MOVEit, the company said. Reporting by Rishav Chatterjee in Bengaluru; Editing by Dhanya Ann ThoppilOur Standards: The Thomson Reuters Trust Principles.
Persons: Rishav Chatterjee, Dhanya Ann Thoppil Organizations: Medibank, Thomson Locations: Bengaluru
CORPORATE DROPBOXESFTA, GoAnywhere MFT, and MOVEit Transfer are corporate versions of file sharing programs consumers use all the time, like Dropbox or WeTransfer. MFT software often promises the ability to automate the movement of data, transfer documents at scale and provide fine-grained control over who can access what. MFT PROGRAMS CAN BE TEMPTING TARGETSRunning an extortion operation against a well-defended corporation is reasonably difficult, said Recorded Future analyst Allan Liska. "If you can get to one of these file transfer points, all the data is right there. HACKER TACTICS ARE SHIFTINGScooping up data that way is becoming an increasingly important part of the way hackers operate.
Persons: Ransom, GoAnywhere MFT, James Lewis, WeTransfer, Allan Liska, Bam, Liska, Joe Slowik, Huntress, Raphael Satter, Grant McCool Organizations: Software, GoAnywhere, Thomson
CNN —Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday. The breach has affected 3.5 million Oregonians with driver’s licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. The hackers exploited a flaw in a popular file-transfer software known as MOVEit made by Massachusetts-based Progress Software. Hundreds of organizations across the globe have likely had their data exposed after the hackers used the flaw to break into networks in recent weeks. US officials described the cyberattack as an opportunistic, financially motivated hack that has not caused disruptions to agency services.
Persons: Casey Tingle, Aon, John Bel Edwards, ” Munish Walther, Puri, It’s, , Jeff Greene, , Greene Organizations: CNN, Department of Energy, BBC, British Airways, University of Georgia, Social, Louisiana Office of Motor Vehicles, Louisiana Gov, US, Progress Software, FBI, Infrastructure Security Agency, National Security Council, Aspen Locations: Louisiana, Oregon, Russian, Massachusetts, Clop, Ukraine
WASHINGTON, June 16 (Reuters) - The U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and the scientific education facilities that were recently hit in a global hacking campaign, a spokesperson said on Friday. Data was "compromised" at two entities within the DOE when hackers gained access through a security flaw in MOVEit Transfer. The requests came in emails to each facility, said the spokesperson, who did not say how much money was requested. "The two entities that received them did not engage," with Cl0p and there was no indication that the ransom requests were withdrawn, the spokesperson said. Cl0p has said it would not exploit any data taken from government agencies, and that it had erased all such data.
Persons: CISA, Cl0p, Allan Liska, cl0p, Liska, Timothy Gardner, Raphael Satter, Leslie Adler, Daniel Wallis Organizations: U.S . Department of Energy, DOE, Associated Universities, U.S, Cybsecurity, Infrastructure Security Agency, Thomson Locations: Russia, New Mexico, Washington
Separately, state agencies said late Thursday that millions of people in Louisiana and Oregon had their data compromised in a security breach. The cyberattack has targeted federal and state agencies. No other federal agencies have confirmed being impacted. And on Thursday, state agencies said 3.5 million Oregonians with driver’s licenses or state ID cards had been impacted by a breach as well as anyone with that documentation in Louisiana. But much of the responsibility now lies on businesses and federal agencies rather than individuals, according to Cattanach.
Persons: , ” Robert Cattanach, Dorsey, you’re, , Clop, Brett Callow, Emsisoft, ” Callow, Aon, they’ve, ” CISA, Allan Liska Organizations: CNN, Infrastructure Security Agency, Whitney, Department of Justice, The Department of Energy, BBC, British Airways, Boston Globe, Sydney Phoenix, US Department of Homeland, Johns Hopkins University, University of Georgia, , Progress Software Locations: Russian, Louisiana, Oregon, Minnesota, Illinois, Arlington , VA, Baltimore, Georgia’s
US government hit in global cyberattack
  + stars: | 2023-06-15 | by ( Sean Lyngaas | ) edition.cnn.com   time to read: +3 min
CNN —“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. A CISA spokesperson had no comment when CNN asked who carried out the hack of federal agencies and how many have been affected. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. As of Thursday morning, the dark website did not list any US federal agencies. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.
Persons: Eric Goldstein, cybersecurity, , Organizations: CNN, Infrastructure Security Agency, Johns Hopkins University, University of Georgia, , BBC, British Airways Locations: Russian, Baltimore, Georgia’s, Minnesota, Illinois
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly testifies before a House Homeland Security Subcommittee, at the Rayburn House Office Building on April 28, 2022 in Washington, DC. Several U.S. agencies have been hacked as part of a broader cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file sharing software. "CISA is providing support to several federal agencies that have experienced intrusions," he said. Charles Carmakal, chief technology officer of Mandiant, a cybersecurity company owned by Google whose clients include government agencies, said that he was aware of some data theft from federal agencies through the MOVEIt hacks. Wendi Whitmore, who leads threat analysis for the cybersecurity company Palo Alto Networks, said that CL0P's campaign of hacking victims through MOVEIt was incredibly widespread.
Persons: Jen, Eric Goldstein, Charles Carmakal, Andrea Mitchell, Brett Callow, Wendi Whitmore, MOVEIt Organizations: Infrastructure Security Agency, Homeland Security, U.S, Google, NBC News, FBI, National Intelligence, National Security Council, Palo Alto Networks Locations: Rayburn, Washington ,, MOVEIt
US government agencies hit in global hacking spree
  + stars: | 2023-06-15 | by ( ) www.reuters.com   time to read: +2 min
June 15 (Reuters) - The U.S. government has been hit in a global hacking campaign that exploited a vulnerability in widely used software but does not expect it to have significant impact, the nation's cyber watchdog agency said on Thursday. CISA did not identify the agencies that were hit or say exactly how they had been affected. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches. MOVEit, made by Progress Software Corp (PRGS.O), is typically used by organizations to transfer files between their partners or customers. Neither Cl0p nor Progress immediately responded to requests for comment.
Persons: Eric Goldstein, cybersecurity, CISA, Jen, MOVEit, John Hammond, Huntress, Raphael Satter, Kanishka Singh, Zeba Siddiqui, Tanna, Chandi Shah, Jonathan Oatis, Angus MacSwan, Bill Berkrot Organizations: U.S, Cybersecurity, Infrastructure Security Agency, CNN, FBI, National Security Agency, MSNBC, Progress Software Corp, Progress, CITY, Thomson Locations: U.S, United States
UK telecoms regulator says it was affected by MOVEit hack
  + stars: | 2023-06-12 | by ( ) www.reuters.com   time to read: +1 min
LONDON, June 12 (Reuters) - Britain's communications regulator Ofcom on Monday said it was one of the organisations affected in a data theft hack centred on the popular file transfer tool MOVEit. "A limited amount of information about certain companies we regulate - some of it confidential - along with personal data of 412 Ofcom employees, was downloaded during the attack," the watchdog said in a statement. Tens of thousands of employees of British Airways, drugstore chain Boots and the BBC were among those whose personal data was exposed following the breach, the companies said last week. Ofcom said it took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. A limited amount of Ofcom data was downloaded from the MOVEit server during the breach, rather than from Ofcom systems directly, a spokesperson for the regulator said via e-mail.
Persons: Muvija, William James Our Organizations: Ofcom, British Airways, BBC, Thomson
CNN —A group of Russian-speaking cyber criminals has claimed credit for a sweeping hack that has compromised employee data at the BBC and British Airways and left US and UK cybersecurity officials scrambling to respond. The compromise of employee data at the BBC and British Airways came via a breach of a human resources firm, Zellis, that both organizations use. Numerous US state government agencies use the MOVEit software, but it’s unclear how many agencies, if any, have been compromised. The US Cybersecurity and Infrastructure Security Agency has ordered all federal civilian agencies to update the MOVEit software in light of the hack. Progress, the US firm that owns the MoveIT software, has also urged victims to update their software packages and has issued security advice.
Persons: ” They’ve, , CISA, Eric Goldstein, Charles Carmakal, , Allan Liska Organizations: CNN, BBC, British Airways, Infrastructure Security Agency, Federal Bureau of Investigation, Progress Software, FBI, Mandiant Consulting, Google, LinkedIn Locations: Canada
LONDON, June 5 (Reuters) - British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG (ICAG.L), said it had notified affected employees and was providing them with support. Part of the Walgreens Boots Alliance, Boots said the attack had included some of its employees' personal details. Boots employs over 50,000 people in Britain, while British Airways has about 30,000 staff. The compromised data includes names, addresses and national insurance numbers, said the Daily Telegraph newspaper, which first reported which companies had been affected by the breach.
Persons: Boots, Zellis, Sarah Young, Eva Mathews, Shinjini Ganguli, Paul Sandle Organizations: British Airways, Britain . British Airways, IAG, Walgreens Boots Alliance, Daily Telegraph, Thomson Locations: Britain, London, Bengaluru
Total: 25